GDPR enforcement in 2024
318 decisions · €148.0M total fines · ← 2023 · 2025 →
| Date ↓ | Company / party | Authority | Articles | Fine |
|---|---|---|---|---|
| 2024-05-30 | PILLOW HOTELS, S.L. Non-compliance with general data processing principles | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5Art. 32Art. 33 | €4,200 |
| 2024-05-30 | Corint Logistic SRL. Insufficient fulfilment of data subjects rights | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 5Art. 17Art. 21 | €2,000 |
| 2024-05-28 | CAIXABANK S.A. Non-compliance with general data processing principles | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5Art. 32 | €70,000 |
| 2024-05-28 | Private individual Non-compliance with general data processing principles | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5 | €300 |
| 2024-05-27 | Ministry of Interior (Greece) Insufficient technical and organisational measures to ensure information security | 🇪🇺 Hellenic Data Protection Authority (HDPA) | Art. 5 | €400,000 |
| 2024-05-27 | Member of the European Parliament Insufficient legal basis for data processing | 🇪🇺 Hellenic Data Protection Authority (HDPA) | Art. 5Art. 6Art. 14 | €40,000 |
| 2024-05-25 | Association Non-compliance with general data processing principles | 🇪🇺 French Data Protection Authority (CNIL) | €15,000 | |
| 2024-05-25 | Association Non-compliance with general data processing principles | 🇪🇺 French Data Protection Authority (CNIL) | €10,000 | |
| 2024-05-24 | VOX ESPAÑA Non-compliance with general data processing principles | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5Art. 13 | €1,000 |
| 2024-05-23 | Azienda Sanitaria Locale TO4 Non-compliance with general data processing principles | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 9 | €8,400 |
| 2024-05-23 | Pubilc educational institution Non-compliance with general data processing principles | 🇪🇺 French Data Protection Authority (CNIL) | €6,000 | |
| 2024-05-23 | Azienda Socio-sanitaria Territoriale Rhodense Insufficient fulfilment of data subjects rights | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 12Art. 16 | €4,500 |
| 2024-05-23 | Professional association Non-compliance with general data processing principles | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 6Art. 27Art. 2 | €3,500 |
| 2024-05-23 | President of a workers' council Non-compliance with general data processing principles | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5 | €600 |
| 2024-05-22 | WATIUM S.L. Insufficient cooperation with supervisory authority | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 58 | €96,000 |
| 2024-05-22 | CUBILLO GALLEGO S.L. Insufficient fulfilment of information obligations | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 13 | €3,000 |
| 2024-05-20 | Company Insufficient technical and organisational measures to ensure information security | 🇪🇺 Polish National Personal Data Protection Office (UODO) | Art. 5Art. 32 | €336,000 |
| 2024-05-14 | Private individual Non-compliance with general data processing principles | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5 | €300 |
| 2024-05-09 | Azienda ospedale università di Padova Non-compliance with general data processing principles | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 9Art. 25Art. 32 | €75,000 |
| 2024-05-09 | Azzurro Club Hotels S.r.l. Insufficient legal basis for data processing | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 6Art. 12Art. 15Art. 130 | €10,000 |
| 2024-05-09 | Medical association Insufficient legal basis for data processing | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 6Art. 2 | €3,000 |
| 2024-05-09 | Polisportiva Mimmo Ferrito s.r.l.. Insufficient fulfilment of data subjects rights | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 12Art. 15 | €3,000 |
| 2024-05-09 | IRIDEX GROUP SALUBRIZARE SRL Insufficient technical and organisational measures to ensure information security | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 32 | €2,000 |
| 2024-05-09 | Homeowners' association Non-compliance with general data processing principles | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5Art. 32 | €1,600 |
| 2024-05-09 | MEDICOVER SRL Insufficient technical and organisational measures to ensure information security | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 32 | €1,000 |